4 启用ipvs模块

root@master01:~# vi /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
#
# IPVS core (ip_vs) plus the round-robin (rr), weighted round-robin (wrr)
# and source-hashing (sh) schedulers, presumably for kube-proxy's IPVS mode.
# This file is only read at boot; confirm the result after a reboot with
# `lsmod | grep ip_vs`.
# NOTE(review): kube-proxy's IPVS mode also depends on connection tracking
# (nf_conntrack, or nf_conntrack_ipv4 on older kernels) - confirm it is
# loaded on this kernel; without the required modules kube-proxy falls back
# to iptables mode.
ip_vs_rr
ip_vs_wrr
ip_vs_sh
ip_vs

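---
# Source: calico/templates/calico-etcd-secrets.yaml
# The following contains k8s Secrets for use with a TLS enabled etcd cluster.
# For information on populating Secrets, see http://kubernetes.io/docs/user-guide/secrets/
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: calico-etcd-secrets
  namespace: kube-system
data:
  # Populate the following with etcd TLS configuration if desired, but leave blank if
  # not using TLS for etcd.
  # The keys below should be uncommented and the values populated with the base64
  # encoded contents of each file that would be associated with the TLS data.
  # Example command for encoding a file contents: cat <file> | base64 -w 0
  # etcd-key: null
  # etcd-cert: null
  # etcd-ca: null
---
# Source: calico/templates/calico-config.yaml
# This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  # Configure this with the location of your etcd cluster.
  # NOTE(review): these endpoints are plain HTTP and etcd_ca/etcd_cert/etcd_key
  # below are empty, so Calico talks to etcd without encryption or
  # client-certificate authentication. Calico keeps network policy and IP
  # allocation state there; if this is also the Kubernetes datastore (not
  # visible from this manifest) the exposure is cluster-wide. For anything
  # beyond a lab: use https:// endpoints, populate calico-etcd-secrets, and
  # set the three paths shown in the trailing comments.
  etcd_endpoints: "http://172.16.1.1:2379,http://172.16.1.2:2379,http://172.16.1.3:2379"

  # If you're using TLS enabled etcd uncomment the following.
  # You must also populate the calico-etcd-secrets Secret with these files.
  etcd_ca: ""   # "/calico-secrets/etcd-ca"
  etcd_cert: "" # "/calico-secrets/etcd-cert"
  etcd_key: ""  # "/calico-secrets/etcd-key"
  # Typha is disabled.
  typha_service_name: "none"
  # Configure the backend to use.
  calico_backend: "bird"

  # Configure the MTU to use
  veth_mtu: "1440"

  # The CNI network configuration to install on each node. The special
  # values in this config will be automatically populated.
  cni_network_config: |-
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.0",
      "plugins": [
        {
          "type": "calico",
          "log_level": "info",
          "etcd_endpoints": "__ETCD_ENDPOINTS__",
          "etcd_key_file": "__ETCD_KEY_FILE__",
          "etcd_cert_file": "__ETCD_CERT_FILE__",
          "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
          "mtu": __CNI_MTU__,
          "ipam": {
            "type": "calico-ipam"
          },
          "policy": {
            "type": "k8s"
          },
          "kubernetes": {
            "kubeconfig": "__KUBECONFIG_FILEPATH__"
          }
        },
        {
          "type": "portmap",
          "snat": true,
          "capabilities": {"portMappings": true}
        }
      ]
    }
---
# Source: calico/templates/calico-node.yaml
# This manifest installs the calico-node container, as well
# as the CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
# NOTE(review): extensions/v1beta1 workloads are no longer served from
# Kubernetes 1.16 onward; on such clusters this must become apps/v1.
apiVersion: extensions/v1beta1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    k8s-app: calico-node
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: calico-node
      annotations:
        # This, along with the CriticalAddonsOnly toleration below,
        # marks the pod as a critical add-on, ensuring it gets
        # priority scheduling and that its resources are reserved
        # if it ever gets evicted.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      hostNetwork: true
      tolerations:
        # Make sure calico-node gets scheduled on all nodes.
        - effect: NoSchedule
          operator: Exists
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoExecute
          operator: Exists
      serviceAccountName: calico-node
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
      initContainers:
        # This container installs the CNI binaries
        # and CNI network config file on each node.
        - name: install-cni
          image: calico/cni:v3.7.2
          command: ["/install-cni.sh"]
          env:
            # Name of the CNI config file to create.
            - name: CNI_CONF_NAME
              value: "10-calico.conflist"
            # The CNI network config to install on each node.
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: cni_network_config
            # The location of the etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # CNI MTU Config variable
            - name: CNI_MTU
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: veth_mtu
            # Prevents the container from sleeping forever.
            - name: SLEEP
              value: "false"
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - mountPath: /calico-secrets
              name: etcd-certs
      containers:
        # Runs calico-node container on each Kubernetes node. This
        # container programs network policy and routes on each
        # host.
        - name: calico-node
          image: calico/node:v3.7.2
          env:
            # The location of the etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # Location of the CA certificate for etcd.
            - name: ETCD_CA_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_ca
            # Location of the client key for etcd.
            - name: ETCD_KEY_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_key
            # Location of the client certificate for etcd.
            - name: ETCD_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_cert
            # Set noderef for node controller.
            - name: CALICO_K8S_NODE_REF
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Choose the backend to use.
            - name: CALICO_NETWORKING_BACKEND
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
            # Cluster type to identify the deployment type
            - name: CLUSTER_TYPE
              value: "k8s,bgp"
            # Auto-detect the BGP IP address.
            - name: IP
              value: "autodetect"
            # Enable IPIP
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
            # Set MTU for tunnel device used if ipip is enabled
            - name: FELIX_IPINIPMTU
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: veth_mtu
            # The default IPv4 pool to create on startup if none exists. Pod IPs will be
            # chosen from this range. Changing this value after installation will have
            # no effect. This should fall within `--cluster-cidr`.
            - name: CALICO_IPV4POOL_CIDR
              value: "10.68.0.0/16"
            # Disable file logging so `kubectl logs` works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            # Set Felix endpoint to host default action to ACCEPT.
            # NOTE(review): with ACCEPT, traffic from pods to their own node is
            # allowed unless policy says otherwise, so services listening on the
            # node are reachable from workloads. Combined with the
            # unauthenticated etcd endpoints in calico-config, check whether
            # etcd runs on cluster nodes and restrict it accordingly.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: "ACCEPT"
            # Disable IPv6 on Kubernetes.
            - name: FELIX_IPV6SUPPORT
              value: "false"
            # Set Felix logging to "info"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
            - name: FELIX_HEALTHENABLED
              value: "true"
          # NOTE(review): privileged + hostNetwork + hostPath mounts give this
          # container node-level access (it programs routes and iptables).
          # Treat write access to this DaemonSet, the calico-config ConfigMap
          # and the image source as equivalent to root on every node.
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: 250m
          livenessProbe:
            httpGet:
              path: /liveness
              port: 9099
              host: localhost
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - /bin/calico-node
                - -bird-ready
                - -felix-ready
            periodSeconds: 10
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /run/xtables.lock
              name: xtables-lock
              readOnly: false
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            - mountPath: /var/lib/calico
              name: var-lib-calico
              readOnly: false
            - mountPath: /calico-secrets
              name: etcd-certs
      volumes:
        # Used by calico-node.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        - name: var-lib-calico
          hostPath:
            path: /var/lib/calico
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        # Mount in the etcd TLS secrets with mode 400.
        # See https://kubernetes.io/docs/concepts/configuration/secret/
        - name: etcd-certs
          secret:
            secretName: calico-etcd-secrets
            defaultMode: 0400
---
# Source: calico/templates/calico-kube-controllers.yaml
# See https://github.com/projectcalico/kube-controllers
# NOTE(review): extensions/v1beta1 is no longer served from Kubernetes 1.16
# onward; apps/v1 additionally requires spec.selector, which this Deployment
# does not declare.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: calico-kube-controllers
  namespace: kube-system
  labels:
    k8s-app: calico-kube-controllers
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
  # The controllers can only have a single active instance.
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      name: calico-kube-controllers
      namespace: kube-system
      labels:
        k8s-app: calico-kube-controllers
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      # The controllers must run in the host network namespace so that
      # it isn't governed by policy that would prevent it from working.
      hostNetwork: true
      tolerations:
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      serviceAccountName: calico-kube-controllers
      containers:
        - name: calico-kube-controllers
          image: calico/kube-controllers:v3.7.2
          env:
            # The location of the etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # Location of the CA certificate for etcd.
            - name: ETCD_CA_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_ca
            # Location of the client key for etcd.
            - name: ETCD_KEY_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_key
            # Location of the client certificate for etcd.
            - name: ETCD_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_cert
            # Choose which controllers to run.
            - name: ENABLED_CONTROLLERS
              value: policy,namespace,serviceaccount,workloadendpoint,node
          volumeMounts:
            # Mount in the etcd TLS secrets.
            - mountPath: /calico-secrets
              name: etcd-certs
          readinessProbe:
            exec:
              command:
                - /usr/bin/check-status
                - -r
      volumes:
        # Mount in the etcd TLS secrets with mode 400.
        # See https://kubernetes.io/docs/concepts/configuration/secret/
        - name: etcd-certs
          secret:
            secretName: calico-etcd-secrets
            defaultMode: 0400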

10 部署Metrics-Server

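---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      serviceAccountName: metrics-server
      volumes:
        # mount in tmp so we can safely use from-scratch images and/or read-only containers
        - name: tmp-dir
          emptyDir: {}
      containers:
        - name: metrics-server
          # NOTE(review): this is a third-party mirror of the metrics-server
          # image, referenced by a mutable tag and re-pulled on every start
          # (imagePullPolicy: Always). Prefer the upstream project's published
          # image, or pin this one by digest (image: <repo>@sha256:<digest>).
          image: cloudnil/metrics-server-amd64:v0.3.1
          imagePullPolicy: Always
          command:
            - /metrics-server
            # NOTE(review): --kubelet-insecure-tls turns off verification of
            # the kubelets' serving certificates, so metrics-server cannot
            # authenticate the nodes it scrapes. Acceptable for a lab; in
            # production issue kubelet serving certificates from the cluster
            # CA, pass it with --kubelet-certificate-authority, and drop
            # this flag.
            - --kubelet-insecure-tls
            - --kubelet-preferred-address-types=InternalIP
          volumeMounts:
            - name: tmp-dir
              mountPath: /tmp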